今週の気になるセキュリティニュース - Issue #63

#63・
Weekly newsletter of Masafumi Negishi
73

issues

Subscribe to our newsletter

By subscribing, you agree with Revue’s Terms of Service and Privacy Policy and understand that Weekly newsletter of Masafumi Negishi will receive your email address.

Weekly newsletter of Masafumi Negishi
Weekly newsletter of Masafumi Negishi
事件、事故
攻擊、脅威
スパイウェアの Pegasus と Candiru を利用した、カタルーニャ州政府などを狙う監視活動について、Citizen Lab が報告。攻擊には iOS のゼロクリック脆弱性が利用された。
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware.
At least 63 were targeted or infected with Pegasus, and four others with Candiru. At least two were targeted or infected with both.
Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations. Family members were also infected in some cases.
We identified evidence of HOMAGE, a previously-undisclosed iOS zero-click vulnerability used by NSO Group that was effective against some versions prior to 13.2.
The Citizen Lab is not conclusively attributing the operations to a specific entity, but strong circumstantial evidence suggests a nexus with Spanish authorities.
We shared a selection of Pegasus cases with Amnesty International’s Tech Lab, which independently validated our forensic methodology.
米財務省、FBI、CISA が共同で、北朝鮮によるブロックチェーン企業への攻擊活動について注意喚起
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) are issuing this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. For more information on North Korean state-sponsored malicious cyber activity, visit https://www.us-cert.cisa.gov/northkorea.
Google の Project Zero が 2021年に悪用されたゼロデイ脆弱性についてレポート
This is our third annual year in review of 0-days exploited in-the-wild [20202019]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a group, looking for trends, gaps, lessons learned, successes, etc. If you’re interested in the analysis of individual exploits, please check out our root cause analysis repository.
Five Eyes の 5ヶ国が共同で、ロシアによる攻擊活動に関する注意喚起
The cybersecurity authorities of the United States[1][2][3], Australia[4], Canada[5], New Zealand[6], and the United Kingdom[7][8] are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.
標的型攻擊グループ BlackTech による攻擊活動について、NTT セキュリティからレポート
脆弱性
Lenovo 製 PC に UEFI 関連の複数の脆弱性
ESET researchers have discovered and analyzed three vulnerabilities affecting various Lenovo consumer laptop models. The first two of these vulnerabilities – CVE-2021-3971CVE-2021-3972 – affect UEFI firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks. Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated. These affected firmware drivers can be activated by attacker to directly disable SPI flash protections (BIOS Control Register bits and Protected Range registers) or the UEFI Secure Boot feature from a privileged user-mode process during OS runtime. It means that exploitation of these vulnerabilities would allow attackers to deploy and successfully execute SPI flash or ESP implants, like LoJax or our latest UEFI malware discovery ESPecter, on the affected devices.
Tsukasa #01 (3x vaccinated)
恐ろしく影響範囲が広い Java 脆弱性。
CVE-2022-21449: Java 15 以降の ECDSA 署名において、あらゆるデータの署名として通用する署名が簡単に作成できる (本来は無効なはずだが Java 実装がそれを通してしまう) というもの。ちょっと一見しただけでは信じられなかった。要するに白紙の小切手。 https://t.co/A7PrjJ8epp
米 CISA が Known Exploited Vulnerabilities (KEV) カタログに 3個の脆弱性を追加
その他
Did you enjoy this issue? Yes No
Weekly newsletter of Masafumi Negishi
Weekly newsletter of Masafumi Negishi

Security Researcher, IIJ-SECT, SANS Instructor in Japan, OWASP Japan Advisory Board, WASForum Hardening Project, 子供たちが安心して使える安全なネット社会を実現したいですね。

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Created with Revue by Twitter.